The present invention relates to a portable electronic device, such as a so-called IC card, incorporating an IC (integrated circuit) chip having, e.g., a nonvolatile memory and a control element, e.g., a CPU and the like.
In recent years, an IC card incorporating a nonvolatile data memory (e.g., a PROM), a CPU and the like has been developed as a memory card for storing data, and is commercially available. In a system using an IC card of this type, data communication with the IC card is performed using a card reader/writer. When instruction data with a function code is input from the card reader/writer, the IC card executes a function and outputs the result to the card reader/writer as response data.
The IC card may also incorporate an EPROM as a memory. In such a case, data once stored in the card cannot be deleted externally. In this case, therefore, the IC card has a drawback that unnecessary data cannot be deleted.
The latest IC card of the prior art incorporates an EEPROM, and storage data in such a memory can be electrically deleted. However, even the data to be held permanently may be deleted.
In such IC cards, data indicating a memory area as an access target of input data is included in control data in the input data. For this reason, when a plurality of memory areas are to be accessed, data must be input to individual memory areas taking all these memory areas into consideration. Such an access method is inefficient. In addition, since the format of the internal memory areas can be externally recognized, this results in lack of security of the data of the IC card.
Also, when a data string input to such IC cards is written in a data memory, the data string is stored as a block, and the following access is performed by recognizing the block. In a conventional storage method, an arbitrary data string is stored in units of blocks. With this method, when the data string is stored, it is stored with attribute data for indicating an attribute of the block. The attribute data consists of an identifier indicating, e.g., whether data constituting the block is valid or invalid. With this method, the attribute of a block consisting of a large amount of data is indicated only by single attribute data. In this case, when this large amount of data is stored, if part of the data cannot be normally stored for some reason, the abnormally stored data must be made invalid or deleted so as not to interfere with the following data access. However, if such a large amount of data is made invalid, the data area which can be used for the following write operation may be reduced.
When the IC card is used in a field where security is of prime importance, a personal identification number is stored as personal identification data. When the personal identification number is stored, it is input using, e.g., a keyboard of a terminal device and is then sent to and stored in the IC card through the card reader/writer. However, in the conventional IC card, once the personal identification number is stored, it can no longer be updated. For this reason, if the personal identification number of the IC card is known to a third party, since it cannot be updated, the third party who knows the number can utilize it. Therefore, the security of the IC card system may be lost.
If the valid date of the IC card corresponds to its service life, valid date data is also stored therein. However, once the valid date data is stored, it also cannot be updated. For this reason, the service life of the IC card cannot be updated, thus preventing effective use of the IC card.
As a data format of the prior art IC cards, a memory region is divided into a plurality of areas, and data management is generally performed in accordance with data access conditions for each area. The data access conditions include data associated with a data delete operation. When data in a given area is deleted, data indicating whether or not the area can be deleted is referred to. Only when it is determined that the area can be deleted is the data deleted. However, the data content includes specified data, such as personal identification data, which must not be deleted. Thus, if data indicating whether or not an area can be deleted can be rewritten, data which must not be deleted may also be erroneously deleted.